HIPAA Electronic Protected Health Information (ePHI)


You might be wondering: what is the definition of electronic protected health information? Electronic protected health information, or ePHI, is defined in HIPAA regulation as any protected health information (PHI) that is created, stored, transmitted, or received in any electronic format or media.

HIPAA regulation states that ePHI includes any of 18 distinct identifiers that can be used to identify a patient. Common examples of ePHI include:

  1. Name
  2. Address (including subdivisions smaller than state such as street address, city, county, or zip code)
  3. Any dates (except years) that are directly related to an individual, including birthday, date of admission or discharge, date of death, or the exact age of individuals older than 89
  4. Telephone number
  5. Fax number
  6. Email address
  7. Social Security number
  8. Medical record number
  9. Health plan beneficiary number
  10. Account number
  11. Certificate/license number
  12. Vehicle identifiers, serial numbers, or license plate numbers
  13. Device identifiers or serial numbers
  14. Web URLs
  15. IP address
  16. Biometric identifiers such as fingerprints or voice prints
  17. Full-face photos
  18. Any other unique identifying numbers, characteristics, or codes


Additionally, HIPAA sets standards for the storage and transmission of ePHI.

Media used to store data includes:

  • Personal computers with internal hard drives used at work, home, or while traveling
  • External portable hard drives
  • Magnetic tape
  • Removable storage devices, including USB drives, CDs, DVDs, and SD cards
  • Smartphones and PDAs

Means of transmitting data via Wi-Fi, Ethernet, modem, DSL, or cable network connections include:

  • Email
  • File transfers

Confidentiality, Integrity, Availability of ePHI

The HIPAA Security Rule sets specific standards for the confidentiality, integrity, and availability of ePHI. HIPAA-beholden entities, including health care providers (covered entities) and health care vendors/IT providers (business associates), must implement an effective HIPAA compliance program that addresses these HIPAA security requirements. Confidentiality, integrity, and availability can be broken down as follows:

  • Confidentiality is ensuring that ePHI is not illegally disclosed without proper patient authorizations in place
  • Integrity is ensuring that ePHI that is transferred or maintained by a health care organization will not be accessed except by appropriate and authorized parties
  • Availability is allowing patients to access their ePHI in accordance with HIPAA security standards

About Compliancy Group

At Compliancy Group, we understand the importance of protecting electronic protected health information (ePHI) in accordance with HIPAA regulations. Our company provides comprehensive solutions to ensure that your organization is fully compliant with HIPAA regulations and able to safeguard ePHI. We offer a user-friendly compliance platform that guides you through the entire compliance process, from risk assessments to employee training and documentation. Our team of compliance coaches is always available to answer any questions and provide support. With our help, you can have peace of mind knowing that your organization is fully compliant with HIPAA regulations and protecting ePHI.
